Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/aws cognito resource server #4530

Merged
merged 3 commits into from
May 31, 2018
Merged

Feature/aws cognito resource server #4530

merged 3 commits into from
May 31, 2018

Conversation

tomjanne
Copy link
Contributor

Closes #3616

@ghost ghost added the size/L Managed by automation to categorize the size of a PR. label May 14, 2018
@bflad bflad added new-resource Introduces a new resource. service/cognito labels May 14, 2018
@ldenman
Copy link

ldenman commented May 16, 2018

Nice work @tomjanne.

testAccCheckAWSCognitoResourceServerExists("aws_cognito_resource_server.main"),
resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "identifier", identifier),
resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "name", name),
resource.TestCheckResourceAttrSet("aws_cognito_resource_server.main", "scope_identifiers"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is currently failing:

=== RUN   TestAccAWSCognitoResourceServer_full
--- FAIL: TestAccAWSCognitoResourceServer_full (5.86s)
    testing.go:518: Step 0 error: Check failed: 1 error(s) occurred:
        
        * Check 4/5 error: aws_cognito_resource_server.main: Attribute 'scope_identifiers' expected to be set

Did you mean to do this?

resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "scope.#", "2"),

Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for submitting this @tomjanne! It was in pretty good shape and I left some feedback below, which I will implement so we can get this merged and released today 👍

"name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It appears that name should allow updates. I'll confirm with acceptance testing and remove ForceNew: true if that is the case.

Delete: resourceAwsCognitoResourceServerDelete,

Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current resource ID (only Identifier) does not have enough information to work with the passthrough importer. We also need the user pool ID so the read function can work directly from the ID.

In this case, we should probably prepend the user pool ID to the resource ID, e.g.

# Choosing pipe delimiter here as the identifier might be a URL
d.SetId(fmt.Sprintf("%s|%s", userPoolID, identifier))

return err
}

d.SetId(*resp.ResourceServer.Identifier)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not call d.SetId() in read functions 👍

}

d.SetId(*resp.ResourceServer.Identifier)
d.Set("name", *resp.ResourceServer.Name)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To prevent panics, we should ensure that resp and resp.ResourceServer are not nil before trying to dereference them.

Also d.Set() is able to handle nil values directly, so we should prefer to not dereference values to prevent potential panics.


log.Printf("[DEBUG] Updating Cognito Resource Server: %s", params)

_, err := conn.UpdateResourceServer(params)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scopes can be updated but its not being added to the update parameters, so currently they would generate a perpetual difference.

@@ -1386,6 +1386,33 @@ func validateCognitoUserPoolClientURL(v interface{}, k string) (ws []string, es
return
}

func validateCognitoResourceServerScopeDescription(v interface{}, k string) (ws []string, errors []error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be replaced with validation.StringLenBetween(1, 256): https://godoc.org/github.com/hashicorp/terraform/helper/validation#StringLenBetween

errors = append(errors, fmt.Errorf("%q cannot be longer than 256 character", k))
}
if !regexp.MustCompile(`[\x21\x23-\x2E\x30-\x5B\x5D-\x7E]+`).MatchString(value) {
errors = append(errors, fmt.Errorf("%q must satisfy regular expression pattern: [\\x21\\x23-\\x2E\\x30-\\x5B\\x5D-\\x7E]+", k))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nitpick: We generally prefer to return friendlier validation errors to operators (e.g. should only contain letters, numbers, ...)

scopeIdentifier := elem["scope_identifier"].(string)
scopeIdentifiers = append(scopeIdentifiers, scopeIdentifier)
}
d.Set("scope_identifiers", scopeIdentifiers)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this attribute is a non-scalar type, we should perform d.Set() error checking similar to scopes above.

resp, err := conn.CreateResourceServer(params)

if err != nil {
return errwrap.Wrapf("Error creating Cognito Resource Server: {{err}}", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nitpick: We do not need to use errwrap.Wrapf() when simply returning a single error back to the operator -- fmt.Errorf() is preferred

Required: true,
ValidateFunc: validateCognitoResourceServerScopeName,
},
"scope_identifier": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This attribute is a little awkward as its not defined by the API and is seemingly only used to build the computed scope_identifiers attribute below. Instead of creating this intermediate attribute, let's just directly create scope_identifiers from the scopes returned by the API to remove any confusion. 👍

@bflad bflad added this to the v1.21.0 milestone May 31, 2018
@bflad
Copy link
Contributor

bflad commented May 31, 2018

After addressing the above feedback and ensuring that updates properly worked for names and scopes (previously all scopes were always removed during update as they were not included in the update call), everything is green.

make testacc TEST=./aws TESTARGS='-run=TestAccAWSCognitoResourceServer'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSCognitoResourceServer -timeout 120m
=== RUN   TestAccAWSCognitoResourceServer_basic
--- PASS: TestAccAWSCognitoResourceServer_basic (24.04s)
=== RUN   TestAccAWSCognitoResourceServer_scope
--- PASS: TestAccAWSCognitoResourceServer_scope (42.89s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	66.971s

@bflad bflad merged commit 71a8b99 into hashicorp:master May 31, 2018
bflad added a commit that referenced this pull request May 31, 2018
@bflad
Copy link
Contributor

bflad commented May 31, 2018

This has been released in version 1.21.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@tomjanne
Copy link
Contributor Author

tomjanne commented Jun 1, 2018

Thanks for the feedback and the help to get this done.

@ghost
Copy link

ghost commented Apr 5, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 5, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
new-resource Introduces a new resource. size/L Managed by automation to categorize the size of a PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

AWS Cognito : Resource Server - New Feature
3 participants